Create a Network Load Balancer - Elastic Load Balancing
Step 1: Configure a target groupStep 2: Register targetsStep 3: Configure a load balancer and a listenerStep 4: Test the load balancer

Create a Network Load Balancer

A load balancer takes requests from clients and distributes them across targets in a target group, such as EC2 instances.

Before you begin, ensure that the virtual private cloud (VPC) for your load balancer has at least one public subnet in each Availability Zone where you have targets. You must also configure a target group and register at least one target to set as default in order to route your traffic to the target group.

To create a load balancer using the AWS CLI, see Tutorial: Create a Network Load Balancer using the AWS CLI.

To create a load balancer using the AWS Management Console, complete the following tasks.

Step 1: Configure a target group

Configuring a target group allows you to register targets such as EC2 instances. The target group that you configure in this step is used as the target group in the listener rule when you configure your load balancer. For more information, see Target groups for your Network Load Balancers.

To configure your target group

  1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

  2. In the navigation pane, choose Target Groups.

  3. Choose Create target group.

  4. For the Basic configuration pane, do the following:

    1. For Choose a target type, select Instances to register targets by instance ID, IP addresses to register targets by IP address, or Application Load Balancer to register an Application Load Balancer as a target.

    2. For Target group name, enter a name for the target group.

    3. For Protocol, choose a protocol as follows:

      • If the listener protocol is TCP, choose TCP or TCP_UDP.

      • If the listener protocol is TLS, choose TCP or TLS.

      • If the listener protocol is UDP, choose UDP or TCP_UDP.

      • If the listener protocol is TCP_UDP, choose TCP_UDP.

    4. (Optional) For Port, modify the default value as needed.

    5. For IP address type, choose IPv4 or IPv6. This option is available only if the target type is Instances or IP addresses and the protocol is TCP or TLS.

      You must associate an IPv6 target group with a dualstack load balancer. All targets in the target group must have the same IP address type. You can't change the IP address type of a target group after you create it.

    6. For VPC, select the virtual private cloud (VPC) with the targets to register.

  5. For the Health checks pane, modify the default settings as needed. For Advanced health check settings, choose the health check port, count, timeout, interval, and success codes. If health checks consecutively exceed the Unhealthy threshold count, the load balancer takes the target out of service. If health checks consecutively exceed the Healthy threshold count, the load balancer puts the target back in service. For more information, see Health checks for your target groups.

  6. (Optional) To add a tag, expand Tags, choose Add tag, and enter a tag key and a tag value.

  7. Choose Next.

Step 2: Register targets

You can register EC2 instances, IP addresses, or an Application Load Balancer with your target group. This is an optional step to create a load balancer. However, you must register your targets to ensure that your load balancer can route traffic to them.

  1. On the Register targets page, add one or more targets as follows:

    • If the target type is Instances, select the instances, enter the ports, and then choose Include as pending below.

    • If the target type is IP addresses, select the network, enter the IP addresses and ports, and then choose Include as pending below.

    • If the target type is Application Load Balancer, select an Application Load Balancer.

  2. Choose Create target group.

Step 3: Configure a load balancer and a listener

To create a Network Load Balancer, you must first provide basic configuration information for your load balancer, such as a name, scheme, and IP address type. Then provide information about your network and one or more listeners. A listener is a process that checks for connection requests. It is configured with a protocol and a port for connections from clients to the load balancer. For more information about supported protocols and ports, see Listener configuration.

To configure your load balancer and listener

  1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

  2. In the navigation pane, choose Load Balancers.

  3. Choose Create load balancer.

  4. Under Network Load Balancer, choose Create.

  5. Basic configuration

    1. For Load balancer name, enter a name for your load balancer. For example, my-nlb. The name of your Network Load Balancer must be unique within your set of Application Load Balancers and Network Load Balancers for the Region. It can have a maximum of 32 characters, and contain only alphanumeric characters and hyphens. It must not begin or end with a hyphen, or with internal-.

    2. For Scheme, choose Internet-facing or Internal. An internet-facing load balancer routes requests from clients to targets over the internet. An internal load balancer routes requests to targets using private IP addresses.

    3. For IP address type, choose IPv4 if your clients use IPv4 addresses to communicate with the load balancer or Dualstack if your clients use both IPv4 and IPv6 addresses to communicate with the load balancer.

  6. Network mapping

    1. For VPC, select the VPC that you used for your EC2 instances.

      If you selected Internet-facing for Scheme, only VPCs with an internet gateway are available for selection.

    2. For Mappings, select one or more Availability Zones and corresponding subnets. Enabling multiple Availability Zones increases the fault tolerance of your applications. You can specify subnets that were shared with you.

      For internet-facing load balancers, you can select an Elastic IP address for each Availability Zone. This provides your load balancer with static IP addresses. Alternatively, for an internal load balancer, you can assign a private IP address from the IPv4 range of each subnet instead of letting AWS assign one for you.

  7. For Security groups, we preselect the default security group for your VPC. You can select other security groups as needed. If you don't have a suitable security group, choose Create a new security group and create one that meets your security needs. For more information, see Create a security group in the Amazon VPC User Guide.

    Warning

    If you don't associate any security groups with your load balancer now, you can't associate them later on.

  8. Listeners and routing

    1. The default is a listener that accepts TCP traffic on port 80. You can keep the default listener settings, or modify Protocol and Port as needed.

    2. For Default action, select a target group to forward traffic. If you didn't create a target group previously, you must create one now. You can optionally choose Add listener to add another listener (for example, a TLS listener).

    3. (Optional) Add tags to categorize your listener.

    4. For Secure listener settings (available only for TLS listeners), do the following:

      1. For Security policy, choose a security policy that meets your requirements.

      2. For ALPN policy, choose a policy to enable ALPN or choose None to disable ALPN.

      3. For Default SSL certificate, choose From ACM (recommended) and select a certificate. If you don't have an available certificate, you can import a certificate into ACM or use ACM to provision one for you. For more information, see Issuing and managing certificates in the AWS Certificate Manager User Guide.

  9. (Optional) You can use Add-on services with your load balancer. For example, you can choose to have AWS Global Accelerator create an accelerator for you and associate your load balancer with the accelerator. The accelerator name can have the following characters (up to 64 characters): a-z, A-Z, 0-9, . (period), and - (hyphen). After the accelerator is created, go to the AWS Global Accelerator console to finish configuring it. For more information, see Add an accelerator when you create a load balancer

  10. Tags

    (Optional) Add tags to categorize your load balancer. For more information, see Tags.

  11. Summary

    Review your configuration, and choose Create load balancer. A few default attributes are applied to your load balancer during creation. You can view and edit them after creating the load balancer. For more information, see Load balancer attributes.

Step 4: Test the load balancer

After creating your load balancer, you can verify that your EC2 instances have passed the initial health check, and then test that the load balancer is sending traffic to your EC2 instances. To delete the load balancer, see Delete a Network Load Balancer.

To test the load balancer

  1. After the load balancer is created, choose Close.

  2. In the left navigation pane, choose Target Groups.

  3. Select the new target group.

  4. Choose Targets and verify that your instances are ready. If the status of an instance is initial, it's probably because the instance is still in the process of being registered or it has not passed the minimum number of health checks to be considered healthy. After the status of at least one instance is healthy, you can test your load balancer. For more information, see Target health status.

  5. In the navigation pane, choose Load Balancers.

  6. Select the new load balancer.

  7. Copy the DNS name of the load balancer (for example, my-load-balancer-1234567890abcdef.elb.us-east-2.amazonaws.com). Paste the DNS name into the address field of an internet-connected web browser. If everything is working, the browser displays the default page of your server.